What are the minimum permissions required for the Exchange Connector?

Once you have created a user account to use with the Exchange Connector, there are a couple of steps to ensure the connector will operate correctly using the account.

Note that failure to ensure these setting are made to your environment will result in the connector failing.

Step 1: Remote PowerShell

The Certero Exchange Connector pulls data using Windows remoting which requires the account you have created to have ‘Remote PowerShell’ rights on the Exchange server. This can be achieved as follows:

1. Open up the Exchange Management Shell

2. Execute the cmdlet below:

Set-User <USERNAME> -RemotePowerShellEnabled $true

Further information can be found here:

https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/control-remote-powershell-access-to-exchange-servers?view=exchange-ps

Step 2: Exchange Role Groups

With the remote PowerShell right enabled, the account now needs permissions within Exchange itself. This is done by adding the user to the ‘Organization Management’ universal security group in Active Directory. The group can be found under the ‘Microsoft Exchange Security Groups’ organisational unit in the root of the domain.

Further information can be found here:

https://docs.microsoft.com/en-us/Exchange/permissions/feature-permissions/infrastructure-permissions?view=exchserver-2019